Networking and the firewall (Was Re: Isn't it time for the encrypted file system???)
David Zeuthen
davidz at redhat.com
Thu Mar 30 17:55:22 UTC 2006
On Thu, 2006-03-30 at 12:44 -0500, Matthew Miller wrote:
> Well, having this would allow the existing consolehelper to take the place
> of the "polkit-su" tool you mention in
> <http://lists.freedesktop.org/archives/hal/2006-March/004770.html>. So
> instead of having a new thing, consolehelper could auth to access your
> 'polkit' user.
>
> It seems better to me to make this rather small change to consolehelper
> rather than to make yet another tool from scratch. Maybe I'm missing
> something important, though -- that often happens. :)
Indeed, the whole idea of using polkit-su have been abandoned after
discussion on on the hal list when someone from SUN and SUSE proposed a
better approach. Isn't open development great?
However, it's all work in progress at the point and since it's rather
complex and deals with privilege escalation I've started writing a spec
how all this is supposed to work. I'm not done yet with the spec.. but
this is how far I've got
http://webcvs.freedesktop.org/*checkout*/hal/PolicyKit/doc/spec/polkit-spec.html
and I hope at least the diagram explains what the point is. I do expect
this to be baked at some point rather soon as it's holding back hal and
gnome-mount releases :-) ... at least the difficult part of doing PAM
over D-BUS is done and I already got proof of concept work.. so.. it's
in a state of needing documentation of having a list of TODO's being
worked on. If anyone wants to help out (I'm doing this mostly in my
spare time as I'm tied up with other commitments at work) please join
the hal list and send mail.
Hope this helps.
David
More information about the Fedora-maintainers
mailing list